def __init__(self, *args, **kwargs):
    """Set the module metadata and register the options it accepts.

    Positional and keyword arguments are forwarded unchanged to the
    parent class initialiser.
    """
    super().__init__(*args, **kwargs)

    # ---- module metadata -------------------------------------------
    self.version = 1
    self.author = ['VinaKid']
    self.description = 'Get subdomain and email'
    # Help text, assembled from one fragment per output line.
    self.detailed_description = ''.join((
        '\tModule is using to get subdomain and email of domains\n',
        ' by bruteforce subdomain or from search engineer\n',
        ' $ w2a > set DOMAIN google,bing,yahoo\n',
        ' $ w2a > unset DOMAIN\n',
        ' $ w2a > set DOMAINLIST [path to domain list])\n',
        '- Option TYPE: speed\n',
        '- Option SUBLIST: path of subdomain list is using to bruteforce subdomain\n',
    ))

    # ---- basic options ---------------------------------------------
    basic = self.options
    engines = ['google', 'bing', 'yahoo', 'baidu', 'exalead', 'all']
    scan_types = ['fast', 'nomal', 'slow']

    basic.add_string(
        'DOMAIN', 'Target domain (support: domain1,domain2...)', False)
    basic.add_string(
        'SEARCHER',
        'Select search enginee: google, bing, yahoo, baidu, exalead, all',
        default='google',
        complete=engines)
    basic.add_integer('LIMIT', 'Set limit search', default=1000)
    basic.add_string(
        'TYPE', 'Type scan(fast, nomal , slow)',
        default='slow',
        complete=scan_types)
    basic.add_integer('DELAY', 'Delay time', default=1)
    basic.add_boolean(
        'MULTITHREADS',
        'Get subdomain and email with multithreading',
        default=False)
    # The default wordlist path is resolved under CONFIG.DATA_PATH.
    basic.add_path(
        'SUBLIST', 'Bruteforce subdomain list', False,
        default=CONFIG.DATA_PATH + '/dict/subdomain.vn')

    # ---- advanced options ------------------------------------------
    advanced = self.advanced_options
    advanced.add_integer('THREADS', 'Thread bruteforce', default=5)
    advanced.add_boolean(
        'REVERSEIP', 'Reverse ip to find subdomain', False)
    advanced.add_path('DOMAINLIST', 'Path to domain list', False)
    advanced.add_path('OUTPUT', 'Output directory', False)

    # ---- helpers ---------------------------------------------------
    self.ip_helper = IP()
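def worker(self, domain):
    """Collect host names and e-mail addresses for a single domain.

    Results are gathered from four sources, in this order: wordlist
    candidates resolved through ``IP().getListIP``, the selected
    search-engine clients, rows already stored in the framework database
    (when connected), and, when ``self.reverseip`` is set, the
    ``info/reverse_ip`` module.

    Side effects: resets and fills ``self.subs``, ``self.emails`` and
    ``self.listip`` (IP -> list of host names), calls ``self.DBInsert``
    when a database is connected, and prints the findings through
    ``self.frmwk``.

    Args:
        domain: the domain name to enumerate.
    """
    threads = []
    self.subs = [domain]
    self.emails = []
    self.listip = {}

    # ---- wordlist candidates ---------------------------------------
    # Every wordlist entry is tried with '.', '-' and no separator.
    candidates = [
        sub + sep + domain
        for sep in ('.', '-', '')
        for sub in self.subbrute
    ]
    if candidates:
        self.frmwk.print_status(
            'Starting bruteforce subdomain in : %d thread' % self.subbrutethread)
        self.listip = IP().getListIP(candidates, self.subbrutethread)
    del candidates

    # ---- scan type -> numeric level handed to filter.Filter --------
    # Named scan_level rather than `type` so the builtin is not shadowed.
    # Any value other than "fast"/"slow" falls through to level 1.
    scan_type = self.options['TYPE'].strip().lower()
    if scan_type == "fast":
        scan_level = 2
    elif scan_type == "slow":
        scan_level = 0
    else:
        scan_level = 1

    # ---- search engines --------------------------------------------
    self.frmwk.print_status("%s : Start search enginee !" % domain)
    query = '"@' + domain + '" ext:(' + ' OR '.join(CONFIG.EXTENSION) + ')'
    # Baidu receives the bare '"@domain"' query, without the ext:(...) part.
    engine_table = (
        ("yahoo", yahoo.yahoo, query),
        ("bing", bing.bing, query),
        ("baidu", baidu.baidu, '"@' + domain + '"'),
        ("exalead", exalead.exalead, query),
        ("google", google.google, query),
    )
    for engine_name, engine_cls, engine_query in engine_table:
        if self.searcher in (engine_name, "all"):
            client = engine_cls(engine_query, self.limit, self.delay)
            client.start()
            threads.append(client)

    # ---- previously stored results ---------------------------------
    if self.frmwk.dbconnect:
        self.frmwk.print_status('Getting data in database')
        cursor = self.frmwk.dbconnect.db.cursor()
        try:
            # NOTE(review): '%%%s' % domain looks like a SQL LIKE suffix
            # pattern. Confirm getDomain binds it as a query parameter, and
            # that an unanchored suffix match (rows such as
            # "notexample.com" for "example.com") is acceptable here.
            dmrow = getDomain(
                cursor,
                ['domain_name', 'mail_list'],
                {'domain_name': '%%%s' % domain})
            if dmrow:
                for dm in dmrow:
                    self.subs.append(dm[0])
                    if dm[1]:
                        # mail_list holds one entry per line; only the text
                        # before the first '|' is kept.
                        for entry in dm[1].split('\n'):
                            self.emails.append(entry.split('|')[0].strip())
            else:
                self.frmwk.print_status('Nothing in Database!')
        finally:
            # Release the cursor even when the lookup raises.
            cursor.close()
    else:
        self.frmwk.print_error('Database connect false!')

    # ---- harvest search results ------------------------------------
    # NOTE(review): isAlive(), terminate() and a join() that returns a
    # (subs, emails) pair are not provided by threading.Thread (isAlive was
    # removed in Python 3.9); presumably Thread and the engine clients are
    # project classes that supply them. Confirm.
    docsthreads = []
    try:
        for t in threads:
            t.join()
            self.frmwk.print_status(
                "Harvesting : <[ {0:<25} {1:d}".format(t.name, len(t.info)))
            if self.multithread:
                ps = Thread(target=filter.Filter,
                            args=(domain, t.info, scan_level))
                docsthreads.append(ps)
                ps.start()
            else:
                found_subs, found_emails = filter.Filter(
                    domain, t.info, scan_level)
                self.subs += found_subs
                self.emails += found_emails
    except KeyboardInterrupt:
        # Ctrl-C: stop whatever is still running and continue with what
        # has been collected so far.
        for t in threads:
            if t.isAlive():
                t.terminate()
        for t in docsthreads:
            if t.isAlive():
                t.terminate()

    for ps in docsthreads:
        found_subs, found_emails = ps.join()
        self.subs += found_subs
        self.emails += found_emails

    self.subs.append(domain)
    self.subs = sorted(set(self.subs))
    self.emails = sorted(set(self.emails))

    # ---- resolve collected names and merge with wordlist hits ------
    self.frmwk.print_status(
        'Checking subdomain in : %d thread' % self.subbrutethread)
    ips = IP().getListIP(self.subs, self.subbrutethread)
    for ip, hosts in ips.items():
        if ip in self.listip:
            self.listip[ip] = sorted(set(self.listip[ip] + hosts))
        else:
            self.listip[ip] = hosts
    del ips

    # ---- persist ---------------------------------------------------
    if self.frmwk.dbconnect:
        self.frmwk.print_status('start save database!')
        self.DBInsert(domain)

    # ---- reverse IP ------------------------------------------------
    if self.reverseip:
        # Accept a reverse-IP result only when it is the domain itself or
        # sits below it on a label boundary. A bare endswith(domain) would
        # also accept unrelated names such as "notexample.com" for
        # "example.com" and attribute them to this target.
        dotted_suffix = '.' + domain
        for ip in self.listip.keys():
            reip = self.frmwk.modules['info/reverse_ip']
            # NOTE(review): these calls use addString/addBoolean/addInteger/
            # addPath while __init__ registers options through add_string/
            # add_boolean/add_integer/add_path. Confirm the options object
            # really exposes the camelCase names.
            reip.options.addString(
                'RHOST', 'IP/Domain to reverse(support : ip1,ip2...)',
                default=ip)
            reip.options.addBoolean(
                'CHECK', 'check domain is in this IP ', default=True)
            reip.options.addInteger(
                'THREADS', 'thread check domain', default=10)
            reip.advanced_options.addPath(
                'HOSTLIST', 'Path to domain list', False)
            reip.advanced_options.addPath('OUTPUT', 'Output directory', False)
            reip.run(self.frmwk, None)
            self.frmwk.reload_module('info/reverse_ip')
            for d in reip.domains:
                if d == domain or d.endswith(dotted_suffix):
                    self.listip[ip].append(d)
            self.listip[ip] = sorted(set(self.listip[ip]))

    # ---- report ----------------------------------------------------
    self.frmwk.print_line()
    self.frmwk.print_success(
        "Hosts found in search engines:\n------------------------------")
    for ip in self.listip.keys():
        self.frmwk.print_success('IP Server : ' + ip)
        for dm in self.listip[ip]:
            self.frmwk.print_line('\t. ' + dm)
        self.frmwk.print_line()
    self.frmwk.print_line()
    self.frmwk.print_success("Emails found:\n-------------")
    self.frmwk.print_line("\n".join(self.emails))
    self.frmwk.print_line('')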